3-way Bridge: WAN{BSS}-LAN-OPT1{AP}

pcatiprodotnet

[using beta4]
I need to set up a simple 3-way bridge on my wrap.2c with two wifi cards and 1 ethernet port.
I bridged LAN-to-WAN and OPT1-to-LAN.  But ethernet traffic isn't passing yet.
I set the firewall to all/all/all on all interfaces (just for testing). I set the IPs on each interface to the same IP number.
WAN is in BSS/Client mode connected to a distant AP/Bridge.  OPT1 is set to Access Point (hostap) mode.
No PCs can ping each other or the gateway (or get DHCP from the gateway) through my "bridge".
However, from my "bridge" I can ping the PCs, and the PC's can ping it.
Any suggestions are greatly appreciated.
Thank you, -Pete

hoba

Are all interfaces involved in the bridge up? In case your LAN is unconnected the bridge won't pass traffic.

pcatiprodotnet

Yes, All three interfaces are involved, and they are listed in "ifconfig" under bridge0.

In case your LAN is unconnected the bridge won't pass traffic.
Thanks!  I did have it unconnected while testing wan-op1.

pcatiprodotnet

I changed the bridges to: LAN->WAN  &  OPT1->WAN
ifconfig indicates the wan is connected to the remote AP, but I can't ping the remote AP, not even from pfSense.

sullrich

3 way bridging does not work in 1.0.  This will appear in 1.1.

pcatiprodotnet

no bridge, no RIP… don't see any way around having to hard coding tons of routes old-school, unless you accomplish the 3-way bridge by spending double $ for two hardware units 2-way bridged.  I guess this also means no seamless wireless roaming between APs is possible without bridging.  I look forward to pfSense1.1 when I can enjoy the combination of RIP & OLSR.

billm

@pcatiprodotnet:

no bridge, no RIP… don't see any way around having to hard coding tons of routes old-school, unless you accomplish the 3-way bridge by spending double $ for two hardware units 2-way bridged.  I guess this also means no seamless wireless roaming between APs is possible without bridging.  I look forward to pfSense1.1 when I can enjoy the combination of RIP & OLSR.

Until FreeBSDs hostapd supports IAPP, seemless roaming between APs (which really isn't all that seemless anyway) isn't a possibility regardless of bridging.  The code is in hostapd for IAPP already if anyone feels like removing the linux-ism's and making it actually work in FreeBSD - it's on my plate currently - it'll be a while (as much as I want it).

–Bill

lsf

Adding this to hostapd.conf should give you what you are looking for. This should work in hostapd 0.4.8 and newer.

rsn_preauth=1
rsn_preauth_interfaces=em0 (layer2 connected interface to talk to other AP's)
The rsn_preauth lines are only for preauthentication of WPA key etc. This provides the client to preauth to the new AP prior to actually associating(romaing to) with the new AP.

iapp_interface=em0 (layer2 connected interface to talk to other AP's)